Amazon says a patch for WPA2 exploit KRACK is in the works

Phones and computers aren't the only devices affected by the KRACK WPA2 exploit. In a connected world, everything from your toothbrush to your doorbell to your stereo uses Wi-Fi, and every one of them also needs a patch. Good luck with that.

One manufacturer with untold millions of things in homes around the world is Amazon, and we hit them up for any news on what they're doing about KRACK.

An Amazon spokesperson tells us "We are in the process of reviewing which of our devices may contain this vulnerability and will be issuing patches where needed."

The language here is important. Every device that uses WPA2 for Wi-Fi encryption is vulnerable. All of them. And they all should be patched. But some devices need to be patched first, because of what they are able to do and what an attacker would be able to do with them.

Everything needs to be updated but some things need to be updated right away.

At the "extreme" end of the scale is Android. Devices running versions 6.0 and higher need to be patched ASAP because a preexisting security feature was attacked and the result is an encryption token that's useless; it becomes all zeros. An attacker can then decrypt every packet over the network as well as forge packets to inject nasty stuff.

At the other end is something like a smart sprinkler head. It's out in your garden waiting to get a signal to cycle its power. That's all it can do: turn on and off. It needs to be patched, but the controller that can do so much more is a higher priority.

Amazon has several devices using Android 6.0 or higher as the base for FireOS. Those devices need prompt attention. The Echo family is also a priority. Dash buttons, apps for Android, iOS, macOS, and Windows may all need to be updated because they initiate a connection, and they also fit somewhere on the priority slider. Amazon's generic answer is the right answer.